Re: Sling and Security

2013-03-07 Thread Bertrand Delacretaz
On Thu, Mar 7, 2013 at 12:09 PM, Angela Schreiber wrote:
> ...b) the script execution: that's obviously related to the former with
> one additional twist. everyone that can create a script may not only
> become admin in sling but also gets file system access

That's "anyone who can write a scr

Re: Sling and Security

2013-03-07 Thread Angela Schreiber
hi carsten and ian thanks for the clarification. feel asserted that we will report any vulnerabilities to the sling-security list as we detect them. what i would love to discuss on the list in general are ways or possibilities on how we could prevent the strength and flexibility of sling to turn

Re: Sling and Security (was: Re: ResourceAccessGate (SLING-2698))

2013-03-07 Thread Bertrand Delacretaz
On Thu, Mar 7, 2013 at 12:55 AM, Ian Boston wrote:
> ...If there are other areas where its possible, with ease to create
> critical security issues, then I think we must address those
> immediately.
>
> Please share, ideally on list.
> If you think its not for public list consumption please send a

Re: Sling and Security (was: Re: ResourceAccessGate (SLING-2698))

2013-03-06 Thread Carsten Ziegeler
Hi Angela, you're definitely misinterpreting my sentences - I care, but even more important the Sling community cares a lot about security. Sure, we can always do better - but it's important that we work together as a community on all aspects of Sling - security is of course an important part he

Re: Sling and Security (was: Re: ResourceAccessGate (SLING-2698))

2013-03-06 Thread Ian Boston
On 7 March 2013 04:31, Angela Schreiber wrote:
> hi carsten
>
>> Finally, although this feature is optional and has no impact if not
>> used, there are valid concerns that this might be easily abused. But
>> we can't prevent anyone from abusing stuff and we already have various
>> places where peo

Sling and Security (was: Re: ResourceAccessGate (SLING-2698))

2013-03-06 Thread Angela Schreiber
hi carsten

> Finally, although this feature is optional and has no impact if not used, there are valid concerns that this might be easily abused. But we can't prevent anyone from abusing stuff and we already have various places where people do funny things.

just to make it very clear: it's not o